Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Denial-of-Service risk in initiateSwap leading to forced refunds and financial loss

Summary

Malicious actors can flood the system with many small initiateSwap requests, overwhelming the fulfillSwap function. If the system keeper cannot process all pending swaps in time, valid swap requests may expire due to the deadline check in fulfillSwap. Legitimate users are then forced to call refundSwap to reclaim their locked funds, losing money to swap fees.

Vulnerability Details

The issue arises because initiateSwap allows an unlimited number of pending swap requests while fulfillSwap enforces a deadline check. Malicious actors can spam initiateSwap with many small requests, delaying swap processing.

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/main/src/market-making/branches/StabilityBranch.sol#L347-L349

if (ctx.deadline < block.timestamp) {
    revert Errors.SwapRequestExpired(user, requestId, ctx.deadline);
}

After the swap request has expired, users are forced to call refundSwap to reclaim their locked funds, losing money to swap fees if baseFeeUsd is not zero.

https://github.com/Cyfrin/2025-01-zaros-part-2/blob/main/src/market-making/branches/StabilityBranch.sol#L474

// cache the amount of usd tokens to be refunded
uint256 refundAmountUsd = depositedUsdToken - baseFeeUsd;

Impact

Denial of Service (DoS): The swap system becomes unusable due to spammed and expired requests.
Financial Loss: Users lose money to refund fees without completing swaps.

Tools Used

Manual code review

Recommended Mitigation

Implement a priority queue or enforce a minimum USD token amount per swap.
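
A minimal sketch of the second mitigation (a minimum USD amount per swap), added here as an example; it is not code from the Zaros repository. The contract name, storage layout, minAmountUsd, maxExecutionTime and the AmountBelowMinimum, RequestNotExpired and RequestAlreadyProcessed errors are assumptions, and token transfers and keeper access control are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only: names, layout and constants are assumptions,
// not the StabilityBranch implementation.
contract MinAmountSwapModel {
    struct Request { uint128 amount; uint64 deadline; bool processed; }

    error AmountBelowMinimum(uint256 amount, uint256 minimum);
    error SwapRequestExpired(address user, uint256 requestId, uint256 deadline);
    error RequestNotExpired(address user, uint256 requestId);
    error RequestAlreadyProcessed(address user, uint256 requestId);

    uint256 public immutable baseFeeUsd;
    uint256 public immutable minAmountUsd;
    uint64 public immutable maxExecutionTime;
    mapping(address => Request[]) internal requests;

    constructor(uint256 baseFee, uint256 minAmount, uint64 maxTime) {
        // A minimum above the base fee keeps the refund subtraction positive.
        require(minAmount > baseFee, "min must exceed base fee");
        baseFeeUsd = baseFee;
        minAmountUsd = minAmount;
        maxExecutionTime = maxTime;
    }

    function initiateSwap(uint128 amount) external returns (uint256 requestId) {
        // Dust-sized requests are rejected before any state is written.
        if (amount < minAmountUsd) revert AmountBelowMinimum(amount, minAmountUsd);
        requestId = requests[msg.sender].length;
        requests[msg.sender].push(Request(amount, uint64(block.timestamp) + maxExecutionTime, false));
    }

    // Same deadline comparison as the snippet quoted in Vulnerability Details.
    function fulfillSwap(address user, uint256 requestId) external {
        Request storage r = _open(user, requestId);
        if (r.deadline < block.timestamp) revert SwapRequestExpired(user, requestId, r.deadline);
        r.processed = true;
    }

    function refundSwap(uint256 requestId) external returns (uint256 refundAmountUsd) {
        Request storage r = _open(msg.sender, requestId);
        if (r.deadline >= block.timestamp) revert RequestNotExpired(msg.sender, requestId);
        r.processed = true;
        refundAmountUsd = r.amount - baseFeeUsd; // > 0: amount >= minAmountUsd > baseFeeUsd
    }

    function _open(address user, uint256 requestId) private view returns (Request storage r) {
        r = requests[user][requestId];
        if (r.processed) revert RequestAlreadyProcessed(user, requestId);
    }
}
```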

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
